Skip to content
  • Michał Kępień's avatar
    Improve reliability of zone verification checks · 2cbf1028
    Michał Kępień authored
    In the "mirror" system test, ns3 periodically sends trust anchor
    telemetry queries to ns1 and ns2.  It may thus happen that for some
    non-recursive queries for names inside mirror zones which are not yet
    loaded, ns3 will be able to synthesize a negative answer from the cached
    records it obtained from trust anchor telemetry responses.  In such
    cases, NXDOMAIN responses will be sent with the root zone SOA in the
    AUTHORITY section.  Since the root zone used in the "mirror" system test
    has the same serial number as ns2/verify.db.in and zone verification
    checks look for the specified serial numbers anywhere in the answer, the
    test could be broken if different zone names were used.
    
    The +noauth dig option could be used to address this weakness, but that
    would prevent entire responses from being stored for later inspection,
    which in turn would hamper troubleshooting test failures.  Instead, use
    a different serial number for ns2/verify.db.in than for any other zone
    used in the "mirror" system test and check the number of records in the
    ANSWER section of each response.
    2cbf1028